From owner-freebsd-current Wed Nov 24 18:56: 2 1999
Delivered-To: freebsd-current@freebsd.org
Received: from mail.rpi.edu (mail.rpi.edu [128.113.100.7])
	by hub.freebsd.org (Postfix) with ESMTP id 41E2114D59
	for ; Wed, 24 Nov 1999 18:55:58 -0800 (PST)
	(envelope-from drosih@rpi.edu)
Received: from [128.113.24.47] (gilead.acs.rpi.edu [128.113.24.47])
	by mail.rpi.edu (8.9.3/8.9.3) with ESMTP id VAA43686;
	Wed, 24 Nov 1999 21:54:15 -0500
Mime-Version: 1.0
X-Sender: drosih@mail.rpi.edu
Message-Id:
In-Reply-To: <199911240803.IAA89224@hak.lan.Awfulhak.org>
References: <199911240803.IAA89224@hak.lan.Awfulhak.org>
Date: Wed, 24 Nov 1999 21:55:54 -0500
To: Brian Somers, Mike Smith
From: Garance A Drosihn
Subject: Re: ps on 4.0-current
Cc: freebsd-current@FreeBSD.ORG
Content-Type: text/plain; charset="us-ascii" ; format="flowed"
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

At 8:03 AM +0000 11/24/99, Brian Somers wrote:
> > This was discussed close to death before the changes were committed,
> > and the current behaviour (restricted access) has been agreed by
> > general consensus to be the most appropriate.
>
>My reading of the thread was ``I'm going to cache ps args to stop all
>the delving into user space to do a ps'', ``but what about the -e
>option'', ``ok, I'll make that inaccessible unless you have
>permission''.
>
>I stopped reading the -e thread because I believe it's a good thing to
>restrict this. I completely missed that the conversation had moved
>on to ``hey, who needs ps args anyway'', and I'm sure that given the
>number of messages posted about the -e restriction, others did too.

For what it's worth, this is also what happened to me. I tuned
out the '-e' thread once I had said my two-bits on the topic (and
I was pretty sure the end result would come out OK with me). I
did not notice the topic of also removing argv from 'ps'.

Removing 'ps -e' ability is fine by me (though I'd prefer that I
could see the environment of "my own" processes). I can see how
that would improve security, even if it occasionally means a very
slight loss in user convenience.

I am not at all happy with the idea of removing argv from 'ps'
listings. I have scripts which use that information, and it
sounds like the only way to fix those scripts would make things
WORSE for security. This does not benefit "user convenience"
and it does not benefit "security".

At the same time, I remember many years ago when another OS that
I worked on was trying for security classification. I can see
that this behavior *could* be a good idea for situations which
want to be really paranoid about security. I would not mind this
behavior as a system-wide option, but I'd certainly want the
default setting to match current behavior.

---
Garance Alistair Drosehn           =   gad@eclipse.acs.rpi.edu
Senior Systems Programmer               or  drosih@rpi.edu
Rensselaer Polytechnic Institute